Adding to the distraught of these times of COVID-19 lockdown and social distancing, hackers are continuing their ‘service to humanity’ by breaking into websites and wreaking havoc.
Famous examples include:
- 1. Hurtful ransomware running rampant in the World Health Organization’s website.
- 2. Windows Netware malware and ransomware process hollowing, impeding the heroic to-dos of hospital staff and healthcare workers by baiting them with coronavirus fake news and scams directly on their Windows Explorer browser.
- 3. The Italian Social Security website, which was hit hard and had to close down temporarily as it was starting to help out vulnerable citizens with a $655 coronavirus assistance payout.
- 4. Data stolen and processes interrupted from a COVID-19 test center, which was held for ransom by Maze ransomware cyberattacks.
These cyberscum, whose only motive is financial gain through extorsion —forget any à-la-Anonymous romantic notions of hacking, which in any event are still as bad—, are powerful, slippery and unforgiving.
So, it may be time to up website and system safeguards and security.
Here is a list of must haves and must dos.
- Always keep your software up to date with the latest patches and updates. Any holes on your website software are lures for cybercriminals to attack and abuse them.
- Should you use a managed hosting solution, they should be doing this work for you. But it’s never bad idea to call them up and make sure they have their eye on the ball. So, yes, for starters having a strong, reputable, secure web host is a must these days.
- Look into getting your website upgraded with an SSL certificate. These small data files insert cryptographic keys, activate padlocks and the https protocol, and provide secure connections from web server to browser. Moreover, search engines are cracking down on websites perceived as non-secure and will leave the website on the less secure http protocol until upgraded.
- Safeguard your website against SQL injection and XSS attacks. The first will manipulate and alter your databases or any other information source. Cross-site scripting (XSS) injects malicious JavaScript to change page content or steal information, an is especially insidious on modern websites.
- Create a consistent backup schedule for all your critical system information, a rather simple solution that is uncannily often overlooked.
- Firewalls, as its name implies, are like barriers that keep the bad guys at a healthy and secure length. It supervises, filters, and even blocks Internet http traffic to and fro a web app. This will, of course, minimize your vulnerabilities and avoid cybercriminals from seriously damaging, or even taking down, your entire website.
- Website security software is often offered on a dual freeware-paying solution basis. They almost always include a free entry level option, typically for personal projects that may not be business critical. We recommend looking at the likes of Cloudflare, Backup Buddy, Netsparker, Fiddler, OpenVAS, or Sucuri (famously used by WordPress).
Sources:
https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#7d68790b18e5
https://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853
https://www.g2.com/categories/website-security
Discuss